Jun 242016

On 22nd June, Suffusion was removed from the WP themes directory all of a sudden. Someone decided that a theme whose last version was released and approved 5 months back and whose users had been generally happy did not meet requirements, and yanked the theme.

My response to the comment was simple:

However, given that I have always come out at the losing end of these discussions, please feel free to keep the theme suspended. I have neither the inclination nor energy to get drawn into this again, particularly since the customizer implementation is back-breaking, and the users of the theme had been perfectly happy with the theme in its current state and the once-in-a-while critical updates that they were getting.

If any of you is interested I can provide the rebuttals here, but it is not worth the time and effort. Stay assured that the all “concerns” about security are unadulterated rubbish. All options are written into the database in a secure manner using the recommended functions and via WP’s standard APIs and then retrieved. If they are really concerned about security, they have to look at the WP platform itself and ensure that none can access options stored in the database for any theme or plugin (not just Suffusion).

As for the rest, the sole deal-breaker is the Customizer implementation. Switching to it is akin to writing a new theme, and that is something I just cannot do.

Anyway, this has been a long and satisfying ride. Thank you for all your support in helping this theme get to the pinnacle of WP themes multiple times over. For those who have the theme currently installed, don’t worry – it will still work as it has; I just will not be able to release any updates for it and it will no longer be available as a theme from the WP directory. In case you are concerned about the “fatal error” on the ticket, the Suffusion Shortcodes plugin addresses it.

Jan 282016

Version 4.4.9 is now live. This version has minor bug-fixes:

  1. I have cleaned up some CSS styles that did not conform to standards. This should have no impact on your websites.
  2. There was a bug in the responsive layouts, which prevented pages from displaying at full-width on iPhones 5 and upwards, if your site had a “Navigation Bar Above Header”. This has been corrected.
  3. Another bug in the responsive layouts caused the “Navigation Bar Below Header” to show up as two selection lists when the screen was resized below your defined breakpoints. This shouldn’t happen any more.
Nov 132015

Following my 2-year hiatus and the post last night, I was mentally prepared to go back and forth with the theme review team a few times on the approval of the latest version of Suffusion. Surprisingly, though, version 4.4.8 of Suffusion got approved within a few hours of submission!

Here is the gist of changes:

  1. Removed Features:
    1. Removed inbuilt custom post types functionality (multiple plugins exist in this area).
    2. Removed inbuilt shortcodes – The Suffusion Shortcodes plugin, with the exact same functionality has existed for a while now.
    3. Removed call to deprecated constructor WP_Widget
    4. Removed OpenID support (external plugins exist)
    5. Removed SEO plugin-like features from theme. This is what I alluded to in my previous post.
  2. Added Features:
    1. This is the only true addition: The gallery post format has been improved to consider scenarios that I hadn’t considered earlier. This is, in part, due to the enhancements that WP has made over the years to the gallery shortcode.
    2. A couple of zero-impact additions: I added a required CSS class for accessibility, and theme support for title-tag. This was necessary to get the theme to pass the checks.
  3. Changes and Fixes:
    1. Updated the theme to use latest WP features.
    2. One of the guidelines that was preventing me from changing the theme was how I used to save options (upon activation). So this time I bit the bullet and changed the functionality such that changes are saved only when you explicitly save options.
    3. I sanitized the call to echo($_GET[…]) in the backend.
    4. There was an issue and its fix outlined by Drake here. I put this in the theme.

I did notice some questions on the forums inquiring about script vulnerabilities, so I wanted to spend some time talking about it. The WordPress team takes security and vulnerabilities very seriously, and they have methods to track down themes with security holes. Now, Suffusion itself doesn’t use any third-party PHP scripts. Around 5 years back I had TimThumb, which I replaced with WP’s native resizer. Incidentally, several months after my making the switch, a severe issue was detected in TimThumb, and every theme on the theme repository that used TimThumb was suspended till the author changed it. Suffusion escaped the axe, because I had already taken care of this earlier. Then later, WP found an issue in one of its own functions. So it went after every theme that was using that function on a page facing the public. This was pretty recently, and again, Suffusion escaped the axe.

The point of saying the above is, Suffusion is in a pretty stable state, and the only cases when I have to change the theme are when a vulnerability has been discovered in it (which, touching a lot of wood, hasn’t happened), or if some new WP functionality has broken Suffusion code (which caused me to release version 4.4.7). In either of these cases, I am very quick to respond, since the theme’s massive user-base gets affected if I don’t.

WP also has a policy of removing themes older than 2 years from the search results. This doesn’t mean the theme has vulnerabilities – it only means that the theme has functionality that might not now be compatible with WordPress. You can always still get to the theme directly from WP through the theme’s URL (it is only eliminated from the search results). WP truly removes a theme only if it has security vulnerabilities, violates GPL or copyright laws, or has its developer put in a request to kill the theme.

Hope you have no issues with working the theme!

Nov 132015

It has been a long time since I committed to providing an updated version of Suffusion. But in between losing my licence for the IDE I develop on, and the plethora of things I needed to take care of in the theme, I just wasn’t able to do it enough justice.

Luckily I was able to roll up my sleeves this week and get all the pending things cleared out. I will shortly upload a new version to the WP theme repository. As it has been ages since my last theme update, I am sure the review team will come back with comments about making changes in the theme, so I am not sure how many iterations it is going to take. Regardless, it should now be a matter of days before the next version comes out.

That being said, I would like to call your attention to a comment I had made in my previous post. Quite a few options have to be removed from the theme because they are of a “plugin” sort, and one of them happens to be the set of SEO settings. However, long-time Suffusion user and forum administrator Drake has a way out for you. Do follow his instructions to ensure a seamless move from Suffusion’s SEO options to a plugin of your choice. If you were already using a plugin earlier, this should have no impact on you.

The version that I have submitted removes some features, but is not very high impact – there are no additional features. So the transition should be smooth.

Aug 032013

Version 4.4.7 of Suffusion got approved a couple of hours back. As mentioned in my previous post, there are a couple of things in this version:

  1. A fix pertaining to the new version of JQuery UI included in WP 3.6 – Drake already posted this fix on the forum, and upgrading to the new version should give it to you right away.
  2. Removal of WP 3.3 support – It is my policy to support 2 prior versions. With this new WP release I have removed support for an older release.

As I predicted in my previous post, I did get the direction from the WPTRT to remove the SEO features of the theme. I will be releasing a plugin to help you transport your SEO settings from Suffusion to an SEO plugin of your choice, and will consequently delete the SEO capabilities built into Suffusion. Using the plugin you will be able to move the settings over without much impact to your site.

Suffusion is turning 4 in a few days and will hopefully hit the coveted mark of 1 million downloads at the same time. Thank you for your excellent support all these years.

Jan 212013

Version 4.4.6 of Suffusion was released a little while back. This is a minor version, but with some far-reaching changes:

  1. I have changed the JQuery functions in the theme to use on instead of live. The live function was deprecated in JQuery 1.7.0 and is removed in 1.9.0. Now, WP itself distributes JQuery 1.8.3, which is why there was no issue with the theme. However, some plugins get fancy and pull the latest version of JQuery from Google CDN and that used to break Suffusion. This release should work fine with JQuery 1.9.0
  2. The prior versions of Suffusion used to come with FancyBox and ColorBox scripts that had been slightly modified to handle JQuery Tooltip. I have found a way around this, now the scripts are back to the original.
  3. Suffusion was using the image_resize function so far for image resizing. This function got deprecated in WP 3.5, so I have added the code to use the new replacement.
  4. I added a filter, suffusion_cat_tag_query_args to featured posts for letting users add their own parameters to the query.

Hope you like this version.

Jan 132013

Version 4.4.5 got approved today. This version has the following changes:

  1. I have removed all uses of the “Pointer API”. This was the piece of code that used to show tips about changes in the new versions. This change was again necessitated by the WPTRT, since contrary to Andrew Nacin’s claims about the core team having no influence over the review team, the opposite does tend to happen quite often. This change came about because the core team didn’t want themes using this API. Anyway, this is not a big deal, and it only presents some loss of information.
  2. One of the recent additions to the JetPack plugin was Photon (not to be confused with my plugin Photonic). Photon offers some impressive functionality, like caching of your images and their dynamic resizing. So if you have JetPack and if you have activated the Photon module there, Suffusion can use Photon for resizing the images instead of the inbuilt resizer. You can switch this on from Appearance → Suffusion Options → Other Graphical Elements → Miscellaneous → Use JetPack Photon for Resizing. This is generally going to be more reliable since Suffusion’s resizing is handcuffed by the limitations of WP’s resizing capabilities. It is possible that the Photon integration may have some glitches, and if you find any, please report them. You will be able to turn off Photon integration and resume with your blog the way it was originally if some Photon-based feature doesn’t work out.

Hope you enjoy this release.

Dec 132012

I was hoping version 4.4.4 would go live on 12.12.12, which unfortunately was missed by a day. Here are the updates in this version:

  1. I removed the two shortcodes in the theme that could be classified as “post content” shortcodes – suffusion-widgets and suffusion-multic (along with its companionsuffusion-column). This is thanks to the guideline change from the review team, as mentioned in my previous post.
  2. JQuery 1.8.3 bundled with WP 3.5 was causing a conflict, resulting in problems in featured content display. That has been addressed. Sorry for not catching this prior to the WP 3.5 go-live.

I have also updated the Suffusion Shortcodes plugin to version 1.01. There was a small problem causing clashes with other non-plugin shortcodes in the previous version. This version should work just fine. You will need this version if you were using any of the removed shortcodes from Suffusion itself.

The other plugin updated is Suffusion BuddyPress Pack, which had a typo in one line, resulting in a script not loading.

Dec 072012

It took a while, but version 4.4.3 of Suffusion is finally live. This version has a handful of changes:

  1. New Features:
    1. I have added an option to disable widgets, under Back-End → Modules. In there you will see a listing of all of Suffusion’s custom widgets. If you are not going to be using a particular widget, feel free to disable that widget. It will reduce the load on your server.
  2. Bug Fixes:
    1. I have fixed a problem that was causing all tiles in a tile layout to be of the same height.
    2. There was also a problem where users were unable to unset certain options, like the one to make responsive layouts compatible for iOS devices. This should now be working.
  3. Code Housekeeping:
    1. I have removed most of the BP integration content that was bundled with the theme. This is mainly because BP integration is exclusively supported in the Suffusion BuddyPress Pack, and this plugin has been around for a couple of years now.
    2. I have also completely separated out conditional WPML code so that it doesn’t load with the theme if you don’t have WPML installed.
    3. I have moved the CSS generation code to a dedicated CSS generation file from functions.php. This reduces the load for those scenarios where the CSS is not being generated.
    4. I have removed the BGIFrame library from the JS code, since the theme doesn’t aim to support IE6. This library was intended to help IE6 users not have issues with overlapping navigation bars.
    5. I have deleted some functions that were no longer being used in the theme.

As I write this, WP 3.5 is nearing its release. For several reasons I am not very thrilled about this.

Firstly, this release, as in the case of the previous one focuses on style rather than substance. There are several tickets in WP with patches for some WP problems, which don’t seem to get triaged ever. Instead the core developers focus on things like supporting larger theme screenshots in the back-end. In the meanwhile, several of my pet peeves (such as the fact that two active plugins cannot both modify the navigation menu traversal) continue to be ignored.

Secondly, the dogmatic approach of the theme review team, which reaches new levels with every major WP release, is now becoming too much of a headache to deal with. The latest set of guidelines that will be effective around a month after 3.5 goes live has some gems that make me want to stop theme development for good:

  1. New guideline under presentation-vs-functionality: Themes must not bundle custom post-content shortcodes
    While I understand that this is intended to prevent “lock-in”, the levels to which the review team is willing to go to shove this down our throats is astounding. The above essentially means that two particular shortcodes that Suffusion offers, suffusion-widgets (which lets you do ad hoc widgets) and suffusion-multic (which helps you do multi-columns) have to be pulled from the theme very soon. It doesn’t matter that these have been in the theme so long that if they are pulled, sites can break. More surprisingly, it doesn’t even matter that to prevent a lock-in I published a plugin (Suffusion Shortcodes) that will help users transition out. I made several suggestions like making theme authors bundling such shortcodes indicate this in their readme files or in the theme CSS header. I even volunteered to write a patch to core that will make users aware that a theme is defining custom shortcodes and alert users to the potential lock-in. But none of this made a difference.
  2. Timing for making do_settings_sections() required (as opposed merely to recommended) as part of Settings API implementation
    This isn’t one that affects me, but it makes me wonder if the review team is really so starved of work that they think up such ridiculous “guidelines”. I can say without a trace of hubris that I have pushed the WP Settings API farther than any other theme author on this planet. To the best of my knowledge there is no other theme that does 2-level options pages using the Settings API honestly (and I use the aforementioned do_settings_sections calls, which are terrible). And IMO the Settings API is among the lousiest and most hard-to-use pieces of code in WP. Telling users to use it for their options is like asking them to start drinking kerosene instead of water. I would love to see other themes with multiple options pages embrace this and use this function whole-heartedly. Of course, this isn’t a full-blown guideline yet, so it might not see the light of day.

Basically, the Theme Review Team is fine as long as it reviews theme quality. But telling a theme that it cannot include certain features even when such features are offered separately in a plugin primarily to prevent lock-in is BS. The people making the recommendations, for the most part don’t have to handle massive user bases, and that gives them a woefully inadequate view of ground realities. What is more amusing is that prior to each release there is an elaborate charade of “gaining consensus on guidelines”, yet what happens is that the only people whose opinions count are core developers, WP community big-shots and admin reviewers (I am none).

While I don’t normally rant here, the latest revision to the guidelines upset me so much that I have seriously begun to evaluate if developing Suffusion is worth it. It isn’t that I am upset because somebody has taken away my new toys. If you check Suffusion’s history you will see that however convoluted a requirement is, I have always managed to handle it even if I don’t agree to it. But there is always a straw that breaks the camel’s back; hopefully this wasn’t mine. A hobby is supposed to be fun, and I have been avoiding Suffusion development because the fun is all being bled out of it.

In the meanwhile, the Instagram module of Photonic is almost ready!

Nov 152012

While not Suffusion’s worst release by any stretch (that dishonour goes to version 3.7.4), version 4.4.0 did have some quirks that typically accompany releases that mess around too much with layouts and have been in development for a long but scattered period of time. The currently available version, 4.4.2 should address most of the issues seen:

  1. The worst bug of the lot was one that refused to accept custom image size parameters for images. Luckily the bug was caught within a few hours of the release and I was able to patch it the same evening.
  2. The next bug was the hanging of the tiles layout due to an unresponsive script, which I have taken care of.
  3. The third fix was for a duplicated index of posts in the static featured content. This was a curious bug, which I am not sure that I have rectified fully, mainly because I have not been able to replicate this on my test sites. However I have put in a stopgap fix that will prevent the index from duplicating.
  4. The last fix is again for the tiles layout, where the tiles were appearing too short for their content.

Hopefully this will resolve most of the issues that you have faced after 4.4.0.